awstest
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 4:24 pm

Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 10:49 am

Hello!

We have a task to collect logs on a remote server. We are currently trying the Elastic Kibana solution and have not been able to find a solution with support for more than 2 weeks.
Windows Server - Logstash server.
At the last step of the installation, I run the PowerShell command: bin\logstash -f mikrotik.conf

It hangs here and the process doesn't go any further. No logging to ELK. Elastic support is not very good at adding a Mikrotik and they believe there is a missing rule on the router.
[2021-02-10T11:57:44,364][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>1.88}
[2021-02-10T11:57:44,904][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-02-10T11:57:44,943][INFO ][logstash.inputs.syslog ][main][0f5fb9cf96985447f83be753c676bd828f1e2bbc7abc23dc207b3] Starting syslog tcp listener {:address=>"0.0.0.0:5045"}
[2021-02-10T11:57:44,969][INFO ][logstash.inputs.syslog ][main][0f5fb9cf96985447f83be753c676bd828f1e2bbc7abc23dc207b3] Starting syslog udp listener {:address=>"0.0.0.0:5045"}
[2021-02-10T11:57:45,012][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-02-10T11:57:46,064][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Input configuration:

    input {
      syslog {
        port => 5045
        type => syslog
      }
    }

I’ve tried to add an output rule in the MikroTik firewall (UDP port 5045) and I see a small amount of traffic, but no changes; logs are not displayed in Kibana. Please help.
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 11:59 am

Post also your RouterOS logging setup, please.
 
awstest
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 4:24 pm

Re: Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 12:07 pm

Post also your RouterOS logging setup, please.
Sure. In Remote Address I specified my local IP (Logstash).
 
normis
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 12:10 pm

And is this log action also used? You must configure logging rules, which topics will have this new action "logstash".
 
awstest
just joined
Topic Author
Posts: 6
Joined: Fri May 03, 2019 4:24 pm

Re: Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 12:21 pm

And is this log action also used? You must configure logging rules, which topics will have this new action "logstash".
Sure, logging rules were specified.
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Logs to Elastic Kibana (Logstash on Windows Server)

Fri Feb 12, 2021 1:12 pm

On the Logstash host, take a quick look using "tcpdump" to see if any log messages actually arrive from the MikroTik.
It's not rocket science.
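
The arrival check suggested above can also be done without tcpdump on the Windows host. The following Python listener is an added example, not part of the original thread; it assumes Logstash is stopped first so UDP port 5045 is free, and it reports whether each datagram carries the `<PRI>` header of BSD syslog (RFC 3164).

```python
import re
import socket

# RFC 3164 messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def classify(datagram: bytes) -> dict:
    """Describe one datagram: BSD-syslog framed, or bare text without a header."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI_RE.match(datagram)
    if m and int(m.group(1)) <= 191:  # 191 = facility 23, severity 7
        pri = int(m.group(1))
        return {"framed": True, "facility": pri >> 3, "severity": pri & 7,
                "text": text[m.end():]}
    return {"framed": False, "facility": None, "severity": None, "text": text}


def listen(bind_ip="0.0.0.0", port=5045, count=5, timeout=30.0, sock=None):
    """Collect up to `count` datagrams; an empty list means nothing arrived."""
    own = sock is None
    if own:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((bind_ip, port))  # fails if Logstash still holds the port
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, (src, _sport) = sock.recvfrom(65535)
            seen.append({"src": src, **classify(data)})
    except socket.timeout:
        pass  # no (more) traffic within the timeout
    finally:
        if own:
            sock.close()
    return seen


if __name__ == "__main__":
    records = listen()
    if not records:
        print("No datagrams on UDP 5045 within the timeout")
    for rec in records:
        print(rec)
```

An empty result points at the path between router and host (routing, Windows Firewall, wrong remote address or port). Unframed datagrams mean the router is sending plain text, which the RouterOS `bsd-syslog` setting on the remote log action changes.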
